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(57) Abstract 

An electronic document delivery system and method in which a broadcast center (150) periodically sends a "catalog" of available 
documents :o a receiving computer (1 10). thereby allowing a user to browse through the available documents without having to access the 
broadcast center (150). The documents are transmitted as packets, and the packets are decrypted as soon as they are received, eliminating 
the need to store both an encrypted and a decrypted version of the documents at the receiving computer. The receiving computer (1 10) 
periodically receives information allowing it to decrypt received documents and to encrypt billing information for the receiving computer. 
The invention is not limited to text-only documents, and can receive all types of documents, such as software, images, text, and full-motion 
video. 
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Descri^r igp 
DEFERRED BILLING, BROADCAST, 
ELECTRONIC DOCUMENT DISTRIBUTION SYSTEM AND METHOD 

Background of the Invent: ion 

This application relates :c a computer network and, more 
specifically, to a method and apparatus for implementing an 
electronic document delivery system where both documents and 
billing information are encrypted during transmission. 

An electronic document delivery system transmits 
documents' from a central depository to individual nodes or 
receiving computers. In some conventional document deliver/ 
systems, a user accesses a computer at the central 
depository, examines a list of available documents stored at 
the- central depository, and requests that one or more of the 
documents be transmitted to him. In other conventional 
document delivery, systems, a predetermined group of documents 
are sent from the central depository to the user and stored 
on the user's system. The user is then free to examine 
documents in the predetermined group. Still other 
conventional electronic document delivery systems can be used 
to send only certain types of documents, such as text -only 
documents . 

Some electronic document delivery systems transmit 
documents to the user in encrypted form. The enervated 
documents are received at the receiving computer and stored 
in a memory. Thereafter, the documents are decrypted and the 
decrypted form of the documents are also stored in a memory. 
Such double storage of documents is wasteful of memory and 
storage space. 

What is needed is an electronic document delivery systerr 
in which a user can determine which documents he wishes to 
receive and in which the user is charged only for those 
documents that he receives. It is also desirable to allow 
the user to designate which documents he wishes to receive 
without having to access a central computer to view a list c: 
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available documents. Furthermore, it is -desirable that such 
a system use encryption for all critical information passing 
between the central computer and the receiving computer. It 
also is desirable to avoid having both an encrypted and a 
decrypted version of a document stored at the receiving 
computer, as this is wasteful of memory space. 

Summa ry of the Invention 

The present invention overcomes the problems and 
disadvantages of the prior art by having a central comouter 
(or "broadcast center") periodically send a "catalog" "of 
available documents to a receiving computer. The user can 
then browse through the available documents without having to 
access the broadcast center. The documents are transmitted 
as packets, and the packets are decrypted as soon as they are 
received, eliminating the need to store- both an encrypted and 
a decrypted version of the documents at the receiving 
computer. Moreover, the invention is not limited to -text- 
only documents and can receive all types of documents, such 
as software, images, text, and full -motion video. The 
receiving computer periodically receives information allowing 
it to decrypt received documents and to encrypt billing 
information to be sent to the broadcast center. 

A purpose of the present invention is to allow ail forms 
of electronic documents to be distributed in a cost-effective 
manner using broadcast technology in a way that prevents 
access to a document without paying for it. 

In accordance with the purpose cf the invention, as 
embodied and broadly described herein, the invention resides 
in a document delivery system comprising: 

a broadcast center that sends a document as a plurality 
of encrypted packets; 

a communication link connected to the broadcast center 
for carrying the packets,- 

a receiving computer, connected to the communication 
link, and including a memory and a broadcast receiver, 
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wherein the broadcast receiver decrypts each packet as it is 
received .and stores only the decrypted packets in the memory. 

In further accordance with the purpose of the invention, 
as embodied and broadly described herein, the invention 
resides is a document delivery system in a network, 
comprising : 

a broadcast center that sends a catalog containing a 
list of documents to be sent by the broadcast center; 

a communication link connected to the broadcast center 
for carrying the catalog; 

a receiving computer, connected to the communication 
link, and including a memory and a file browser, wherein the 
file browser receives the catalog and stores the catalog in 
the memory, displays the stored catalog, and receives user 
input indicating a document ■ in the catalog. 

.. .In. .further accordance with the purpose of the invention, 
as embodied and broadly described herein, the invention 
resides is a method for document delivery in a network 
system, comprising: 

the steps of sending, by a broadcast center in the 
network, a document as a plurality of encrypted packets; 

connecting a communicaticn link to the broadcast center; 

decrypting a received packet in a receiving computer 
connected to the communication link, the receiving computer 
including a memory and a broadcast receiver, wherein the 
broadcast receiver performs the decrypting step on the packet 
as it is received and stores only the decrypted packet in the 
memory; 

sending, by the broadcast center, account information 
including key seeds to a security engine in the receiving 
computer; and 

generating, by the security engine, keys used by the 
broadcast receiver to decrypt the received packets in 
accordance with a one-way hashing method based on a document 
ID of the sent document and one of the key seeds. : ••- ' 
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It is understood that bcch. the foregoing general 
description and the following detailed description are 
exemplary and explanatory and are intended to" provide further 
explanation of the invention as claimed. 

Brief Des cricc ? m, cf the Drawings 

The accompanying drawings, which are incorporated in and 
constitute a part of this specification, illustrate several 
embodiments of the invention and, together with the descrip- 
tion, serve to explain the principles of the invention. 

Fig. I is a hardware block diagram of a preferred 
embodiment of the invention,- 

Fig. 2 is a detailed hardware block diagram cf a 
broadcast center of Fig. i' ; 

Fig. 3 is a detailed hardware block diagram of a 
security engine of Fig. 1 ; 

Fig. 4 is a detailed hardware block diagram of a 
receiving computer of Fig. i ; 

Fig.. 5 is a timing chart showing the overall operation 
of the present invention; 

Fig. 6 is a flowchart of steps performed by the 
broadcast receiver of Fig. i in the function of receiving and 
decrypting packet information; 

Figs. 7(a) and 7(b) are flowcharts of steps performed by 
the file broadcast receiver of Figs. 1 and 4 in the functions 
of receiving an announcement message and sending a load 
request, and receiving and processing a decrypted packet from 
the broadcast receiver; 

Fig. 8 is a flowchart of steps performed by the security 
engine of Fig. 3 in the function of receiving and processing 
a load request from the file broadcast receiver; and 

Fig. 9 is a flowchart, of steps performed by the file 
browser of Figs. 1 and 4 in the function of displaying a 
catalog and processing document requests. 

PetaUed Description of rU P r eferred Embodi^nr. 

Reference will now be made in detail to the preferred 
embodiments of the invention, examples of which are il- 
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iustrated in the accompanying drawings. Wherever possible, 
che same reference numbers will be used throughout the draw- 
ings to refer :c the same cr like parts, 
a . General Overview 

The following is a general discussion of networking 
hardware used in a preferred embodiment of the present 
invent ion . 

In a preferred embodiment of the present invention a 
communication link between a broadcast center computer and a 
plurality of document receiving computers is implemented 
using satellite technology to implement a high-speed one way 
link between the document receiving computer and the 
broadcast center. This high-speed link is used to download 
documents and data from the network. The receiving computer 
also has a conventional link such as a dial-up modem and 
telephone line sending data to the network. The invention 
can use various forms of high-speed, one-way links, such as 
satellites, and cable television lines. The invention can 
use various forms of low-speed networks, such as TCP/I? 
networks, dial-up telephones, ISDN D-channel. CPDP, and low- 
speed satellite paths. 

The described embodiment of the present invention uses 
satellites to provide a high-speed one-way link. Satellites 
can cover large geographical areas and are insensitive tc the 
distance between a transmitter and a receiver. In addition, 
satellites are very efficient at point-to-point applications, 
and broadcast applications, and are resilient and resistant 
to man-made disasters. Two-way satellites are expensive to 
use, however, because of the costs involved in purchasing and 
installing satellite ground terminal hardware. In the past, 
these costs have placed satellite communications outside the 
reach of an individual consumer. 

The present invention allows a personal computer to 
receive downloaded information from the network via a 
satellite at a very practical cost. In the present 
invention, the cost cf satellite communications is reduced 
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because a one-way sacell^e link He „ ■ 

c ~ is used. Receive -only ea—"^ 

station equipment is cheaper to manufacture because it* 
requires less electronics than send/receive antennae. 

b - The Electron^ rw- U menr n^ljyerv ^v.rc 

The following paragraphs present a brief overview cf a 
preferred embodiment cf the present invention. A more 
detailed description fellows thereafter. 

The present invention is an electronic document deliver 
system in which a central broadcast center broadcasts 
documents on a predetermined schedule. Documents can ude 
various types of files or data, including software, imaces 
text, and full-motion video. Periodically, a cataioo of 
documents to be sent during an upcoming time period is s— 
by the broadcast center to a plurality of receiving 
computers. Users of the receiving computers, either human 
b.xngs or other computers, designate which documents in the 
catalog they wish to receive. Sometime later, the broadcast 
center broadcasts, in encrypted form, each of the documents 
listed in the catalog. As each document is received by a 
receiving computer, the receiving computer determines whether 
one or more of its users have designated the document as a 
document from the catalog that they would like to receive. 
If the document was designated by the user, the receiving 
computer decrypts the document and stores billing information 
about the received document. The billing information will be 
transferred back to the broadcast center at a later time. 

The following paragraphs provide a more detailed 
description of a preferred embodiment of the present 
invention. Fig. 1 is a hardware block diagram iffO of a 
preferred embodiment of the invention. Fig. i includes a 
receiving computer- 110, which is one of the plurality of 
receiving computers, a broadcast receiver 120, a security 
engine 130, a communications link 140, and a broadcast center 
150. Receiving computer 110 includes a file broadcast 
receiver 112 and a file browser 114. 
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Communications link 140 preferably is a combination of a 
satellite broadcast channel plus a dial-up telephone line. 
Another embodiment of the invention uses a vertical blanking 
interval of broadcast television to carry the broadcast data. 

In Fig. l, communications link 14 0 includes an incoming 
link 142 carrying encrypted and non-encrypted data packets 
and an outgoing link 144 carrying encrypted billing 
information as discussed below. 

Fig. 2 is a detailed hardware block diagram of broadcast 
center 150 of Fig. 1. As shown in Fig. 2, broadcast center 
15 0 is preferably a general purpose computer including a CPU 
202 and a memory 204. CPU 202 can be any type of known CPU 
that is capable of performing the functions described below 
in connection with broadcast center 150. Similarly, memory 
204 is a generally known type of memory capable cf holding 
information, such as RAM, ROM, a floppy disk, a hard disk, 
"etc. 

Memory 204 includes a software program that is executed 
by CPU 202 to perform functions Fl, F2 , F3 , and F4 , as 
described in connection with the table below. Memory 2 04 
also includes a plurality of documents capable of being sent 
to ones of the receiving stations over communication link 
140. Memory 204 also includes information about ail 
documents available to be sent by broadcast center 150, such 
as document name, document length, origin cf the document, 
ownership of the document, schedule on which the document is 
to be transmitted (e.g., periodically, or at a predetermined 
time or date), cost to a user of receiving the document, 
access control information indicating which receivers are 
authorized to receive the document, etc. The specific data 
and the format of the data . stored in memory 204 may vary 
without departing from the spirit and scope of the invention. 
Memory 204 also includes a set cf key seeds to be sent to 
security engine 13 0 of receiving computer 110, as described 
below. 
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Fig. 3 is a detailed hardware block diagram cf security 
engine 130 of Fig. 1. As shown in Fig. 3, security engine 
13 0 is preferably a general purpose computer including a 
CPU 302 and a memory 304. CPU 302 can be any type of known 
CPU that is capable of performing the functions described 
below in connection with security engine 130. Similarly, 
memory 3C4 is a generally known type of memory capable of 
holding information, such as RAM , ROM, a floppy disk, a hard 
disk , etc . 

Security engine 130 preferably is a physically secure 
computer. Thus, it is physically locked or otherwise 
rendered physically inaccessible by unauthorized persons and 
its memory is not accessible to other computers " or CPUs. 
Ensuring that security engine 130 is physically secure 
ensures that people only receive documents they will be 
billed for because the master key used to decrypt key sets 
and the key sets themselves are physically secure. A smart 
card is an example of such a security engine. Dallas Semi- 
conductor "DS22S2T Secure Micro Stik" is another. In one 
implementation of the invention, to reduce cost, link 144 is 
omitted and billing information is sent to broadcasting 
center 150 by way of receiving computer 110. In yet another 
implementation, the security engine may be integrated with 
the receiver to reduce cost and to maintain the secrecy cf 
the keys. 

Memory 304 includes a software program that is executed 
by CPU 302 to perform functions F10, Fll, and F12 described 
in connection with the table below. A preferred embodiment 
of the present invention uses software based encryption 
because the amount of data to be encrypted and decrypted by 
the security engine is relatively small and relatively slow 
encryption and decryption is acceptable. In contrast, 
broadcast receiver 120 preferably implements a decryption 
algorithm in hardware using a symmetrical encoding scheme, 
such as the. Data Encryption Standard (DES) Electronic 
Codebcok implemented under Federal Standard 10-26, as shown 
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in Telecommunicati ons: Cemoacibi l.itv Recru—emer.r 3 fsr- Hc« ^ 
Data Encryption Stanearris punished December 11, 1978 bv the 
General Services Admir.ist ration. 

Memory 3 04 also includes an engine ID (a code uniquely 
identifying the security engine), an engine master key ifor 
decrypting the account status information received from 
broadcast center 150 and for encrypting billing information 
and checksum to be sent to broadcast center 150), document ID 
data identifying a document requested by the user from the 
catalog (received as part of a load request), key seeds for 
generating keys to decode the documents listed in the 
catalog, account information received from broadcast center 
150, billing information fcr documents received since billing 
information was most recently received from broadcast center 
150. and a credit limit received from broadcast center 150. 
The specific data and the format, of the data stored in memory 
3 04 may vary without departing from the spirit and scope of 
the invention. 

Fig. 4 is a detailed hardware block diagram of receiving 
computer 110 of Fig. l. As shown in Fig. 4, receiving 
computer no is preferably a general purpose computer 
including a CPU 402 and a memory 404. CPU 402 can be any 
type of known CPU that is capable of performing the functions 
described below in connection with receiving computer 110. 
•Similarly, memory 404 is a generally known type of memory 
capable of holding information, such as RAM, ROM, a floppy 
disk, a hard disk, etc. 

Memory 404 includes a plurality of software programs 
that are executed by CPU 402 to perform functions ■ F7 , ' F8, F9, 
F13, and F14 described in connection with the table below. 
As can be seen from Fig. i, receiving computer 110 includes 
both file broadcast receiver 112 and file browser 114. 3oth 
file broadcast receiver 112 and file browser 114 preferably 
are implemented as a plurality of software programs stored' in 
memory 404 that are executed by CPU 402. As also shown in 
Fig. 1, file., broadcast .receiver 112 performs all interfacing 
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computer 110. File browser 114 only receives data from a-d 
sends data to file broadcast receiver 112 (althouah browse^ 
114 also receives data from users during times when users are 
designating documents from the catalog) . 

Memory 404 also stores received documents and catalog 
aata (including the document name, the document length, the 
ongm of the document, the ownership of the document, the 
schedule on which the document is to be transmitted, e g 
periodically, or at a predetermined time or date, the cost 
a user of receiving the document, a description of the 
document sufficient to allow a user to determine whether h- 
desires the document, etc.). Memory 404 also stores a l<st 
of "documents of interest" which are the names of the 
documents designated by users browsing' the cataloc, and t"e " 
account status (whether there is any credit remaining) of the 
receiving computer's account. The specific data and the 
format of the data stored in memory 204 may vary without 
departing from the spirit and scope of the invention. 

The following paragraphs present an overview of the 
operation of the present invention with reference to the 
timing chart of Fig. 5. At a predetermined time interval, 
broadcast center 150 broadcasts the catalog "in the clear," 
i.e., in unencrypted form, to the plurality of receiving 
computers including receiving computer 110 using multicast 
addressing. The catalog preferably is broadcast in packet 
format. The described embodiment sends all packets in 
accordance with the IEEE 802.2 data communication standard. 
Broadcast receiver 120 receives the catalog and passes it to 
receiving computer no. In receiving computer no. the 
catalog is stored in memory 404. e.g.. a hard disk. When a 
user, using file browser 114, designates a document from the 
catalog, broadcast file receiver 112 stores a document ID, 
e.g., a number or an unambiguous document name, in the list 
of "documents of interest" in memory 404. 
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Broadcast center 150 then proceeds to broadcast the 
documents list.ed.-in .the catalog using multicast addressing. 
For each document, broadcast center 150 first multicasts an 
announcement message identifying the document to be sent 
next. The announcement message also includes a key seed id 
identifying the key seed needed to decrypt the document. _ The 
announcement message is received and decrypted by broadcast 
receiver 120 and passed tc file broadcast receiver 112. 
the announced document is on the list of documents 
interest, file broadcast receiver 112 sends a load request 
including the key seed ID to security engine 13 0. Security 
engine 13 0 determines if the. user has sufficient credit and 
authorization tc receive the document. If so, security 
engine 130 sends the key (obtained in accordance with the kev 
seed ID) for the document to broadcast receiver 120. 

After-broadcasr center 150 sends the announcement 
message for a document, it prepares to send the document 
itself. The document is packetized, encrypted, and broadcast 
over communications link 14 0. As broadcast receiver 120 
receives each encrypted packet, it determines whether it is a 
packet for which broadcast receiver 12 0 has a key. Each 
document sent from broadcast center 150 is decrypted with a 
different key. if broadcast receiver 120 has received a 
correct key from security engine 130, it decrypts the packet 
and passes it to file broadcast receiver 112, where the 
packets- of the received document are assembled in their 
correct order and stored in memory 4 04, e.g., on a hard disk. 
File broadcast receiver 112 then informs the user that the 
requested file has been received. In a preferred- embodiment , 
all encryption is done using a symmetrical encoding scheme, 
such as the Data Encryption Standard (DES) method. Other 
embodiments may use a private key scheme for non-document 
data, e.g., billing information and key sets, sent between 
the broadcast center and the receiving station. 

Another type of data transmitted by broadcast center ISO 
is account information. Account information is transmitted 
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-ir. che clear." i.e.. in unencrypted form, at lease to ' 
exceriz that broadcast receiver 120 does not decrypt i- r he 
account information is passed through, file broadcast rec-'ve- 
112 ana is passed to security engine 130 as account 
information. Security engine 130 decrypts the account 
information using a master key stored in memory 304 The 
account information includes key. seed, credit limit, etc 
Since che account data is encrypted in a way that only th« 
security engine 130 can decrypt, there is no need for the 
data to be further encrypted for transmission to the 
broadcast receiver 120. This allows for easier transmission 
or account information (the broadcast receiver 120 does rot 
require a key to receive the account information) without 
compromising the security of the information (the data is 
still encrypted in a way that only the security engine 130 
can decrypt) . ^ 

Periodically, e.g., once a month, security engine no 
encrypts its billing information concerning documents 
received by receiving computer 110 during the oast month and 
senas che encrypted billing information to broadcast center 
150. This encryption is performed using a master key of 
broadcast center 150 that is stored in memory 304. This 
information may be encrypted using a symmetrical encryption 
. method, such as DES or a private key method. Broadcast 
center 150 decrypts the received billing information usinc 
Che master key and uses the decrypted information to senc'yet. 
another updated account status to receiving computer 110. 

The following table provides a list of the functions 
performed by the electronic document distribution system, 
according to which particular subsystem performs the 
function. These functions will be described in the foliowinq 
paragraphs, with reference to Figs. 1-5? 
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SUB -SYSTEM 

BROADCAST 
CENTER 



TABLE: 
FUNCTIONS PERFORMED BY 
ELECTRONIC DOCUMENT DISTRIBUTION SYSTEM 

FUNCTION 
Send catalog (non-encrypted) 

Receive and decrypt billino 
information 

Periodically send account status 
(non-encrypted) and key seeds 
(encrypted) 

Send announcement messaae, and 
packetize, encrypt , and^send 
document 



(Fl) 
(F2) 

(F3) 
(F4 ) 



BROADCAST 
RECEIVER 



Receive and store key from 
security engine 

Receive packet and decrypt 
it if key is correct 



(F5) 
(F6) 



SceiwS ADCAST Re "t Ve . annouriceme ^ message 
receiver and load request 

Receive document reauest and 
store document ID on list of 
documents of interest 

Receive ana process decrypted 
packet from broadcast receiver 



(F7) 
(F8) 

(F9) 



SECURITY 
ENGINE 



Receive accounting statistics 
and key seeds and score them 
in memory 

Periodically send billing 
information to broadcast 
center (encrypted) 

Receive and process load request 
from file broadcast receiver 



(F10) 



:fiu 



:f 12) 



CATALOG 
BROWSER 



Receive and store new catalog 

Display catalog and process 
document requests 



(F13 ) 
(F14 ) 
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Functions Fl , F2 , F3 . and F4 are performed bv the 

broadcast center 150 of Fig. 2 . Ia executing function n 

broadcast center 150 broadcasts to all cctential receiving 

computers a catalog listing all documents to be sent during 

an upcoming predetermined time period, e.c, ever the next 

weex. The catalog is sent "in the c-ea- - i • 

ah uae c.eai, i.e., unencrypted , 

because none of the receivers are charged a fee to receive 
the catalog and there is no reason to limit: access to the 
catalog . 

In executing function F2 . broadcast center 150 receives 
encrypted billing information from securitv encH ne '30 ' 
Broadcast center 150 receives similar billing information 
from each receiving computer on the network. The bi"«na 
mrormation details which documents were received during" the 
most recent billing period. The broadcast, center 150 
decrypts, the billing information using a private key' and 
stores the decrypted billing information in memory 204 to be 
usee later in determining an account status and for actually 
invoicing the user for documents delivered. 

In executing function F3 . broadcast center 150 
periodically, e.g.. monthly, sends account status information 
to each of the plurality of receiving computers, including 
receiving computer 110. The account information is tailored 
to the receiving computer and includes a statement of its 
receiver's status (e.g., satisfactory, overdrawn, limited 
access, etc.). The account information also includes core 
information required by security engine 13 0 to create keys cc 
decrypt electronic documents. Although the account 
information is broadcast in the clear, the concents of the 
account information is encrypted in such a way that only 
security engine 130 may access and decrypt the account 
information. 

In executing function F4 , broadcast center 150 
determines that it is time to broadcast one of the documents 
listed m the catalog.. Broadcast center 150 sends an 
announcement message, including a document ID for the 
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document Co be sent to ail potential receivers the document 
ID identifying- which key to use. The broadcast center ISO 
then packetizes, encrypts, and sends the document using'a.n 
appropriate encryption key for that document. Each receiver 
has already decided whether it wishes to receive the 
transmitted document and thereafter be billed fcr the 
document . 

Functions F5 and F5 are performed by the broadcast 
receiver 120 of Fig. i. Fig. s is a flowchart of steps 
performed in the execution of function F6 . 

In executing function F= , broadcast receiver 120 
receives a key and a document ID for the document to be 
received next from security engine 130 on line 146 of Fic. i 
Note that the key is received only if the document is or." the 
list of documents of interest in the memory of receiving 
computer lie-, if an announcement message for the document was 
previously received from broadcast center 150, and if a load 
request was sent from file broadcast receiver 112 to the 
security engine 130. Furthermore, the security engine 130 
must determine, using status and authorization information 
stored in its memory, that the user is authorized to access 
the document. The broadcast receiver 120 stores the received 
key in a memory or similar type of storage. 

The execution of function F5 will be described with 
reference to Fig. 6. In step 7 i2 of Fig. 6, broadcast 
receiver 12 0 receives an encrypted packet sent durinc the 
execution of function F4 . m step 714, broadcast receiver 
120 determines whether it has a key for the received packet. 
(The document ID is contained in each packet.) If so* 
broadcast receiver 120 decrypts the received packet in steo ~ 
718 using the key received . during the execution of function 
F5. Thus, each packet is decrypted as it is received and it 
. is not, necessary to store, an encire encrypted document or 
large parts of an encrypted document before the document in 
decrypted. This immediate decryption results in a savir.cs of 
memory space • in memory 404 because an encrypted and a 
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decrypted version of the, same document: do- not have to 
simultaneously reside on a disk or in memorv 
corresponding key is not loaded, the received oacket is 
discarded in step 715. m eicher case< _^ 
step 712 to await more data. 

Functions F7 , F8 , and F9 are performed bv --e - 1» 
broadcast receiver 112 of Fig. Figs . 7 (a) ' anc 7 (b) \_ 

flowcharts of steps performed in the execution of functions 
F7 and F9, respectively 

The execution of function F7 will be described wit^ 
reference to Fig. 7(a). m step 802 of Fia. 7(a) file 
broadcast receiver 112 receives the announcement iessag. f~ 
a document and. in step 804, determines whether the document 
ID xn the announcement message is contained in f— list o- 
documents of interest in memory 404..- If so; file broadcas- 
receiver 112 sends a load -request to security encine 130 ^ 
step 80S. The load request contains, e.g., the document ZD 
from the announcement message, so that securitv engine 130 
can send a corresponding key to broadcast receiver 120. " - 

In the execution of function F8, file broadcast receive- 
112 receives a document request from file browser 114 
indicating a document in the catalog that the user wishes to 
receive. it should be noted that the user can be either a 
person interfacing with the file browser throuch a text = >- 
GUI interface or, alternately, that the user can be another 
computer or computer program interfacing with the cataloo and 
nle browser 114 through a predetermined protocol. The fUe 
broadcast receiver 112 then adds the document ID of the 
document designated by the user to the list of documents of 
interest in memory 404. 

The execution of function F9 will be described with 
reference to Fig. 7(b). m step 822 of Fig. 7(b) file 
broadcast receiver 112 receives a decrypted oacket from 
broadcast receiver 1.2 0. m accordance with a field in the 
received packet identifying the packet type, file broadcast 
receiver 112 performs one of three actions. in steo 824 i* 
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the received packet contains account s:a:us inf ormaticr. . file 
broadcast, receiver 112 sends it to security engine 130. i-i 
step 82S, if the received packet includes catalog 
information, file broadcast receiver 112 stores it in memory 
404 and preferably informs file browser 114 that a new 
catalog has been received. 

In step S23, if the received packet is a decrypted cart 
of a document requested by the user, file broadcast receiver 
112 stores. the packet, along with ether packets to re< 
the requested document, and informs the user that the 
document has been received. Note that, once a document has 
been received and stored in memory 404 it may be processed 
and/or reviewed by a user without any interaction wich 
broadcast receiver 120 or security encine 13 0. 

As described above, file broadcast receiver 112 pieces 
electronic- documents back together from individual broadcast 
packets. If the broadcast medium has a lew enough bit error 
rate and a high enough availability, an electronic document 
will be correctly delivered after only one transmission. For 
broadcast media where this is not the case however, file 
broadcast receiver 112 and broadcast center 150 may use 
either of two techniques to ensure the reliable delivery of 
broadcast documents. In both cases, file broadcast receiver 
112 stores the partially assembled document and a record of 
the missing pieces (gaps) within the document in a suitable 
memory. File broadcast receiver 112 fills in the gaps as the 
missing pieces are retransmitted by broadcast center* 150. 
Security engine 130 keeps just a single billing record per 
document even if it receives repeated load requests for a 
single document. The two techniques are: 1) scheduled 
transmission, in which broadcast center 150 repeatedly 
transmits the entire document, i.e., transmits it several 
times in a .row to fill in the gaps en the receive side, and 
2) requested transmission, where file broadcast receiver 112 
requests retransmission of just the gaps via a separate 
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necwork. The separate network could be. for examcie i ^k 

144 used for sending billing records to broadcast* center 150 
or some other link or communication channel. 

Functions F10, Fll, and F12 are performed by the 

security engine 130 of Fig. i. Fig . 8 is a flowchart of 

steps performed bv securitv orc-iP nn ■; - 

. o=v_v-.^uy wi.g.ne 130 in tne execution of 

function F12. 

In the execution of function F10, securitv engine 13 0 
receives account status information from broadcast center 
150. The key seeds are an important component of the accourt 
information because the key seeds are used to produce the 
keys needed by broadcast receiver 120 for decryption of 
documents. The set of key seeds used by broadcast center -o 
is changed periodically. Broadcast center 150 can disable a 
receiver's ability to receive by withholding key seeds. 

When a load request is delivered to security engine 130 
security engine 130 produces a key for decryption of the 
document from the contents of the announcement message and a 
key seed using a keyed one-way hash function. Keyed one-way 
hash functions produce an output that is a function of both 
an input string (e.g., a document ID) and a key (e.g., a key 
seed). Thus, only someone with the key can calculate the hash 
output value. One type of a keyed one-way hash function is 
called a "MAC, which stands for Message Authentication Code. 

The following paragraphs describe two keyed one-wav hash 
functions that are preferably used in various implementations 
of the present invention. a first function encrypts a 
message with a block algorithm in CFB mode. The hash is the 
last encrypted block encrypted once more in CFB mode. This 
technique is described in ANSI X9 . 9 and ISO 9797, both of 
which are herein incorporated by reference. A second 
function is called RIPE-MAC and uses DES (Data Encryption 
Standard) . More details of this function can be found in the 
book "Applied Cryptography- by Bruce Schneier, which is 
incorporated by reference. Other hash functions could also 
be used to implement the invention. 
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The keyed one-way hash function is also used to C reat= a 
"checksum" for. the billing report. The checksum can be 
created only with the key. When broadcast center 15 o 
receives a billing report with a valid checksum, the checksum 
ensures that the report was created by a party having the 
key. As long as the key is kept private in broadcast center 
150 and in security engine 130, falsified or modified billing 
information can be detected by broadcast center 150. 

In the execution of function Fll, security enaine 13 0 

periodically, e.g., monthly, sends billing information to 

broadcast center 150. The billing information details which 

documents were received (by document ID) and when they were 

received during the billing period. Security engine 13 0 

encrypts the billing information using a public key of 

broadcast center 150. Altemaroi „ w< i i ; - 

— u Aiternaieiy, the billing mrormation 

may be-protected by a checksum but not encrypted. The public 
key is part of the account information sent to security 
engine 130 in encrypted form. Security engine 130 reports 
billing information to broadcast center 150 under several 
circumstances, periodically, on receipt of a message 
requesting that billing information be sent, when the billing 
record is reaching a predetermined memory capacity, or when 
the credit limit is close to being reached. 

The execution of function F12 will be described with 
'reference to Fig. 3. In step 922 of Fig. S, security engine 
130 receives a load request from file broadcast receiver 112. 
In step 824, security engine 130 checks the credit limit and 
authorization status of receiving computer 110. If receiving 
computer 110 is authorized to receive the requested document, 
security engine 130. in step 926, sends a key and a document 
ID from the account information in memory 304 corresponding 
to a document ID in the load request to broadcast receiver 
120. In step 928, security engine 130 records the document 
ID of the document to be received into memory. This 
information is periodically sent to broadcast center 150 for 
billing purposes. Security engine 130 also maintains a 
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running credit limit value in metnory. The credit limit , s 
debited when document requests are made and credited 
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Functions F13 and F14 are'perf ormed by the file browser 

by 



114 Of Pig. X. Fig . 9 is a flowcharr _ of steps performed i 
file orowser 114 during the execution of function F14 



In the execution of function F13, file browser i M 
receives new catalog data from fil e broadcast receiver n 2 
and stores the catalog information in memory 404 
Alternatively, file broadcast receiver 112 handles storing 
cne catalog information in memory and merely informs fil . 
browser 114 that a new catalog has been received 

The execution of function F14 will be described with 
reference to Fig. 9. In scep , C12 Q , p . g , ^ 

114 waits for a user to request a "catalog browse" function 
When such a request occurs, file browser 114 in step 1014 
displays all or part of the current catalog and allows the 
user to browse through the catalog using a known user 
interface. A catalog may contain hundreds or thousands of 
entries. After the catalog is displayed, the user may in 
step 1016 choose to exit the system. If the user stays, the 
in step 1018 the user designates one cf the files in the 
catalog stored in memory 404. m step 1019 file ' browse- 114 
sends a document request to file broadcast receiver 112 
containing a document ID corresponding to the document 
designated by the user. As discussed above, a document 
request causes file broadcast receiver 112 to issue a load 
request to security engine 13 0, which sends a key to 
oroadcast receiver 120 so that broadcast receiver 120 will 
decrypt the packets of the document when they are received. 

Thus, use of a catalog in the present invention present 
a convenient method for a user to determine which documents 
to receive. Use of a catalog also allows the user to 
completely control which documents are received and thus 
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prever.ts wasting resources c.i the reception of documents net 
of interest. 

In summary, in the present invention, billing 
information is stored in a secure fashion in security engine 
130 and sent periodically to broadcast center ISO. The 
billing information is protected against tampering by a keyed 
checksum using a key known only by the security engine 130 
and the broadcast center 150. In addition, the billing 
information includes an encrypted checksum. Encryption of 
the billing information makes it more difficult for users co 
falsify their billing information and makes it simpler for a 
central billing authority to detect tampering with billing 
information. 

The security of the present invention depends on keepina 
the "engine private key" private, both within broadcast 
center 150 and within security engine 130. The engine 
private key is used to decrypt the account information sent 
from broadcast center 150 to security engine 130 and should 
it become known, unauthorized users would gain access to the 
key seeds needed to decrypt documents . 

The present invention is very secure. The only keys 
that appear "in the clear" where they could be 

misappropriated are the keys for documents for which the user 
is being billed, i.e., keys sent to broadcast receiver 120 . 
This key is of limited value because the user will soon have 
a complete copy of the document corresponding to the key. 

Other embodiments will be apparent to those skilled in 
the art from consideration of the specification and practice 
of the invention disclosed herein. It is intended that the 
specification and examples be considered as exemplary only, 
with a true scope of the invention being indicated by the 
following claims. 
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What Claims T g . 

1. A document delivery system, comprising: 

a broadcast center that sends a document as a 
plurality of encrypted packets; 

a communication link connected to the broadcast 
center for carrying the packets; 

a receiving computer, connected to the 
communication link, and including a memory and a broadcast 
receiver, wherein the broadcast receiver decrypts each oacket 
as it is received and stores only the decrypted packets in 
the memory . 

2. The document delivery system of claim l, further 
including a security engine and wherein the broadcast center 
includes means for sending account information to the 
security engine and the security engine uses the account 
information to generate keys used by the broadcast receiver 
to decrypt the received packets. 

3. The document delivery system of claim 3, wherein the 
account information includes key seeds and the security 
engine uses a one-way hashing method based on the number of 
the sent document and one of the key seeds. 

4. The document delivery system of claim 3 wherein the 
account information includes billing information. 

5. The document delivery system of claim 1, where the 
sent document consists of two or more from the following 
group: software, images, text, and full -motion video. 

6. The document delivery system of claim 3, wherein the 
account information includes an engine private key for 
encrypting billing information sent to the broadcast center 
on a periodic basis. 

7. The document delivery system of claim 1, wherein the 
communication link includes a hybrid link, allowing fast 
broadcast communication from the broadcast center to the 
receiving computer and slower communication from the 
receiving computer to the broadcast center. 
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8. The documen-. delivery system of claim 1, wherein the 
communication link is ar." satellite broadcast link with I 
dial-up modem return link. 

9. The document delivery system of claim 1, wherein the 
system is a Local Area Network. 

10. The document delivery system of claim 1, wherein 

the broadcast center also sends an unencrypted packet 

containing a catalog, and the receiving computer further 

includes a file browser, and wherein the file browser 

receives the catalog, stores the catalog in the memory, 

displays the stored catalog, and receives user input 

indicating a requested document in the catalog. 

11- The document delivery system cf claim io, further 
comprising : 

a security engine containing a number of keys; 
. ..means in the receiving computer to send a load 
request to the security engine when the file browser receives 
input indicating the requested document in the catalog. 

12. The document delivery system of claim 11, further 
comprising: 

means in the security engine to send a key 
corresponding to the re-quested document to the broadcast 
receiver, 

wherein the broadcast receiver discards received 
data which does net correspond to the key. 

13. The document delivery system of claim 11, 
wherein the broadcast center includes means for 

sending an announcement message announcing that a specific 
document is about to be broadcast by the broadcast center; 
and 

wherein the means for sending a load request sends 
a load request if the document request received by the 
browser corresponds to the document announced by the 
announcement message. 



WO 97/26611 PCT/US96/00579 

-24- , 

14. The document delivery system of claim 10. wher-'n 
Che security engine sends billing information to the 
broadcast center on a predetermined periodic basis. 

15. The document delivery system of claim 10. whe— <n 
the security engine sends encrypted billing information to 
the broadcast center on a predetermined periodic basis. 

16. A receiving computer in a document delivery system 
having a broadcast center that sends a document as a 
plurality of encrypted packets and sends account informal or 
including key seeds to the receiving computer, the receivina 
computer comprising: 

a memory; 

a broadcast receiver that decrypts a oacket as i- 
is received and stores only the decrypted received packet in 
the memory; and 

a security engine that generates keys used by the 
broadcast receiver to decrypt the received packets in 
accordance with a one-way ..hashing method based on a document 
ID of the sent document and one of the key seeds. 

17. The receiving computer of claim IS, further, 
comprising : 

a fil^e browser for receiving a catalog, storing the 
catalog in the memory, displaying the stored catalog, and 
receiving user input indicating a document in the catalog. 

13. The receiving computer of claim 17. further 
comprising : 

means in the file browser to send a load request to 
the security engine when the file browser receives input 
indicating a document in the catalog. 

19. The receiving computer of claim is, further 
comprising: 

means in the security engine to send a key 
corresponding to the requested document to the broadcast 
receiver , 
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whersin the broadcast receiver discards rec-ved 
data which is pare of the document ana yet not of the " 
document corresponding to the key. 

20. The receiving computer of claim 18, wherein the 
means for sending a load request sends a load reouest *f the 
document request received by the file browser corresoonds to 
a document announced by an announcement message received from 
the broadcast center. 

21. The receiving computer of claim 16, wherein the 
security engine sends billing information to the broadcast 
center on a predetermined periodic basis. 

22. The receiving computer of claim is , whe-e<- -he 
security engine sends encrypted billing information to\he 
broadcast center on a predetermined periodic basis. 

23. The receiving computer of claim IS, where -he 
communication link includes a hybrid link, allowina f a «c 
broadcast communication from the broadcast center to the 
receiving computer and slower communication from the 

: receiving computer to the broadcast center. 

24. A method for document delivery in a network system, 
including the steps of: 

sending, by a broadcast center in the network, a 
document as a plurality of encrypted packets; 

connecting a communication link to the broadcast 

center; 

decrypting a received packet, in a receiving 
computer connected to the communication link, the rec-i ving 
computer including a memory and a broadcast receive- whe-e<n 
the broadcast receiver performs the decrypting steo on the 
packet as it is received and stores only the decrypted 
received packet in the memory; 

sending, by the broadcast center, account 
information including key seeds to a security engine in the 
receiving computer,- and 

generating, by the security engine, keys used bv 
the broadcast receiver to decrypt the received packets in' 
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accordance with a one-way hashing method based on a document 
number of the sent document and one of the key seeds 

25. A method for receiving documents by a receivina 
computer in a network system, including the steps of- " 

connecting a communication link to a broadcast 
center m the network; 

receiving from the broadcast center, by a broadcast 

receiver, a document as a DluraUtv *n,-™. - 

. lura.ity c^ encrypted packets,- and 

decrypting a received -sr-ico- = 

* i-acice-_ as it is received and 

storing only the decrypted received oacker in » ™ 

- eQ pacicet m a memory m the 

receiving computer. 

^ 26. The method of claim 25, further including the steps 

receiving f.rom the broadcast center, by a security 

engine in the receiving ccmnute- ■ c 

a L - ra P u ter, account information 

including key seeds; and 

generating, by the security engine, keys used by 
the broadcast receiver to decrypt the received packets in 
accordance with a one-way hashing method based on a document 
number of the sent document and a one of the key seeds. 

The method of claim 25, further including the steps 

receiving, by a file browser, a catalog; 
storing the catalog in the memory,- 
displaying the stored catalog; and 

receiving user input indicating a document in the 

The method of claim 27, further including the steps 

sending a load request from the file browser to the 
security engine when the file browser receives input 
indicating a document in the catalog; 

sending from the security engine to the broadcast 
receiver a key corresponding to the requested document, and 
discarding the received data which is part of the 
document and yet not of the document corresponding to the 
key. 
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